Bernd Eilers wrote:
>
> Summing everthing up so far:
>
> I think the best would be to have a configurable option as you suggested,
> but the default should be not to suppress this header and not to suppress
> this cookie because the DEFAULT for tomcat should be to be compliant to
> the servlet api specification.
>
I can buy into your reasoning. The change to make the session ID cookie visible
actually got made a few days ago (for Tomcat 4.0), and I'm about to check in the
change to make the "Authorization" header visible.
>
> Bernd
>
Craig
====================
See you at ApacheCon Europe <http://www.apachecon.com>!
Session VS01 (23-Oct 13h00-17h00): Sun Technical Briefing
Session T06 (24-Oct 14h00-15h00): Migrating Apache JServ
Applications to Tomcat